There is money to be made in cryptocurrency, especially when you can use someone else's computing power (and electricity) to mine for it.
In this case, hackers somehow compromised Texthelp's web accessibility plugin "Browsealoud," which reads and translates web pages.
The hackers modified the plugin to spread a JavaScript mining code from the cryptocurrency site Coinhive. Coinhive, by the way, gets a 30% cut of all the Monero it mines.
Some of the top U.S. websites affected
You may want to check out the 4,300 compromised websites here. This is a random sample we came across on the list. There are hundreds more U.S. websites impacted:
- U.S. Court System
- Indiana's state website
- Cook County, Illinois, Treasurer site
- Marymount Manhattan College, NYC
- Learning Disabilities Association of America
- Andover, Massachussetts, town website
Texthelp is posting security updates on its blog:
"Phase One of the company’s internal technical investigation is complete and a data security incident action plan is underway. The criminal investigation continues and Texthelp is working with the National Crime Agency and The National Cyber Security Centre to pursue the investigation further.
Martin McKay, CTO and Data Security Officer, said, “In light of other recent cyber attacks all over the world, we have been preparing for such an incident for the last year. Our data security action plan was actioned straight away and was effective, the risk was mitigated for all customers within a period of four hours.”
We're waiting to learn more, but the company had a very speedy notification process:
"At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of the Texthelp Browsealoud product was compromised during a cyber attack. The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency. This was a criminal act."
